With the increase of security risks to computing devices, and the ubiquity of network connections, many security mechanisms have been developed to reduce the threat of computer hacking. One mechanism employed by many operating systems is a mandatory access control (MAC) system. Examples of operating systems that employ MAC or similar techniques are SELinux, SECURE SOLARIS (of Sun Microsystems, Inc., of Santa Clara, Calif.), and WINDOWS VISTA (of Microsoft Corporation of Redmond, Wash.). Note that all marks used here and elsewhere herein are used solely for purposes of identification of a product. All marks are the property of their respective owners.
In a MAC system or the equivalent, programs are executed under a security role, or another form of access permission identifier. For each role or group of roles, there are one or more rules that define what programs having the role are allowed to do. The rules can be referred to as permissions, access permissions, security policies, or some other label. The system generally applies the same rules to all programs having the same role, and it does so even when those programs are executed in separate restricted execution environments. As used herein, an execution environment can refer to a principal or main execution environment, which is the environment provided by the operating system under which all programs on the system execute. Note that terminology may differ. While it is said that programs execute “under” an operating system, this is essentially interchangeable with other phrasing. When focusing on the concepts of control and management in the system, it is typically said that programs run “under” the operating system. When referring to the operating system as an environment that provides services and enables execution of programs, it may be said that programs run “on top of” the operating system, although a program could equally be said to run or execute under an environment. Either term may be used herein.
In a MAC or similar access control environment, each program instance can be executed in a separate execution environment. Such systems are designed to have security rules apply to the operating system as a whole, and thus to all instances of programs executing on it. The systems are not designed to allow one instance of a program to operate on one set of rules while a sibling instance operates on a different set of rules; rather, all instances use the same rules, and operation within the system assumes this. However, because the same security rules apply to sibling program instances, there may be less logical separation between the instances than intended. In fact, some MAC environments may not allow the use of separate sub-execution environments for multiple program instances at all, because the sub-execution environments are not separated from one another.
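The following is an added illustration, not code from the original document, of the limitation described above: a minimal model of a role-keyed MAC policy in which two sibling instances of the same program run in different restricted environments yet receive identical access decisions, so tightening the rules for one necessarily tightens them for the other. The role name, object paths and environment names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    """One running program instance: its role and the environment it runs in."""
    pid: int
    role: str          # security role / access permission identifier
    environment: str   # "main" or the name of a restricted sub-environment


class RoleKeyedPolicy:
    """MAC policy whose rules are looked up by role only, as the text describes.

    The environment an instance runs in is deliberately not part of the key,
    which is exactly why sibling instances cannot be given different rules.
    """

    def __init__(self) -> None:
        self._rules: dict[str, set[tuple[str, str]]] = {}

    def allow(self, role: str, action: str, obj: str) -> None:
        self._rules.setdefault(role, set()).add((action, obj))

    def revoke(self, role: str, action: str, obj: str) -> None:
        self._rules.get(role, set()).discard((action, obj))

    def check(self, inst: Instance, action: str, obj: str) -> bool:
        # Only inst.role participates in the decision; inst.environment is ignored.
        return (action, obj) in self._rules.get(inst.role, set())


def sibling_decisions(policy: RoleKeyedPolicy, action: str, obj: str) -> dict[str, bool]:
    """Evaluate the same request for two same-role instances in different environments."""
    a = Instance(pid=101, role="viewer_r", environment="sandbox-a")   # constructed
    b = Instance(pid=102, role="viewer_r", environment="sandbox-b")   # constructed
    return {a.environment: policy.check(a, action, obj),
            b.environment: policy.check(b, action, obj)}


def demo() -> tuple[dict[str, bool], dict[str, bool]]:
    policy = RoleKeyedPolicy()
    policy.allow("viewer_r", "read", "/srv/docs/report.txt")   # constructed object
    before = sibling_decisions(policy, "read", "/srv/docs/report.txt")
    # Intending to restrict only sandbox-b, the operator can only act on the role,
    # so the restriction lands on sandbox-a as well.
    policy.revoke("viewer_r", "read", "/srv/docs/report.txt")
    after = sibling_decisions(policy, "read", "/srv/docs/report.txt")
    return before, after
```

Running `demo()` shows both sandboxes allowed before the revocation and both denied after it; there is no way to express a per-environment difference with a role-only key.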